As cybercrime surges, experts call zero trust a must for Indian BFSI

Speaking at Business Standard's BFSI Summit, experts highlighted the need for a zero-trust approach, calling it a critical requirement

Don't want to miss the best from Business Standard?

Data from the Ministry of Home Affairs showed that Indians lost ₹23,000 crore to financial fraud last year. The country also witnessed a staggering 42 per cent jump in reported cybercrimes over the same period.

 

At the Business Standard BFSI Insight Summit 2025, during a panel discussion titled “Trust No One, Verify Everything: Cybersecurity for the Digital Age,” experts agreed on the urgent need for a zero-trust approach — a model now seen as essential for securing digital ecosystems as regulators demand greater operational transparency.

 

A zero-trust model treats every user and device as untrusted, requiring continuous verification before granting access to systems or data.

 

Zero trust has been around for a while: Malcolm Gomes

 

According to Malcolm Gomes, Chief Operating Officer, IDfy, the concept of zero trust has existed for some time. “It started with the NIST in the US, and the thought process came from there. At this point, regulators have not mandated it, but it has crept into the thought process of organisations,” he said.

 

Mahavir Jindal, Chief Operations Officer, Amazon Pay India, agreed that zero trust is not a new concept. “If someone is in a financial services business, they have to operate in a zero-trust environment,” he said, adding that for him, zero trust is “all-pervasive.”

 

Cybersecurity shifting from perimeter defence to verification models

 

According to Deep Narayan Mukherjee, Partner, Boston Consulting Group (BCG), cybersecurity used to be “perimeter dependent,” meaning that external requests to internal servers required verification. Under zero-trust architecture, however, it no longer matters whether a user is inside or outside the organisation — all must go through the same level of authentication and verification.

 

Zero trust a critical requirement: Deep Mukherjee

 

Mukherjee explained that in most cyberattacks, the breach begins with phishing, after which malware infiltrates and spreads through the system. “With a zero-trust architecture, if there is an exfiltration attempt, the activity would be detected and blocked immediately,” he said.

 

Threat vectors evolving at a rapid scale: Mahavir Jindal

 

Jindal noted that threat vectors are evolving rapidly and that zero-trust capabilities must advance in tandem. He explained that at Amazon Pay, “any data exchange, whether with an external partner or an internal one, happens in a zero-trust environment — implying an exchange of keys.”

 

While he believes the industry is doing a decent job implementing zero-trust systems, Jindal warned that the pace of cyber threats continues to accelerate. “While we have a good foundation, there is a long way to go to address the emerging threat vectors,” he said.